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DETAILED ACTION 
Status of Claims 

1. This communication is in response to amendment filed October 13, 2006, where 
applicant amended claims 35 and 66. Claims 35-37,40-42,44,45,47-57,63-68 are pending. 

Response to Arguments 

2. Applicant's amendments and arguments filed 10/13/2006, with respect to the rejection(s) 
of claim(s) 35-37,40-42,44,45,47-57,63-68 under 102 (e) have been fully considered and are not 
persuasive. 

3. 1 12 second paragraph rejection of claim 35 is withdrawn. 

4. Applicant argues that Barrett does not disclose the following: "(1) the requesting 
application sends a subsequent request; (2) the requesting application sends the subsequent 
request to the information providing application; and (3) the requested data is not retrieved or 
provided to the information providing application by the central server". 

5. In reply, regarding argument (1), although "subsequent request" is not mentioned in the 
claims, Barrett does teach that the requesting application sends a subsequent request. Barrett 
discloses that after a partial grant of access, via identity authentication, the requestor can send a 
subsequent request to the access interface in order to negotiate acceptable conditions of use 
(column 7 lines 1-10 & 40-55). Regarding argument (2), the claims are broad, and therefore the 
"information providing application" is broadly interpreted to be the information server (see 
figure 1, #100). Regarding argument (3), it is noted that the features upon which applicant relies 
(i.e., "the requested data is not retrieved or provided to the information providing application by 
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the central server") are not recited in the rejected claim(s). Although the claims are interpreted 
in light of the specification, limitations from the specification are not read into the claims. See In 
re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Claim Objections 

6. Claim 35 objected to because of the following informalities: On line 9, change "request 
to certain personal. . to "request to access certain personal". Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - . 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

8. Claims 35-41,43-47,53,57-59,61,63,65,66 and 67 rejected under 35 U.S.C. 102(e) as 
being anticipated by Barrett et al (US Patent No 6,581,059). 

9. In reference to claims 35,58,63 and 66, Barrett teaches a system, a personal profile 
control network and a method for distributing and maintaining end-user personal profile data in a 
data communications system, said system providing communication between applications using 
said personal profile data, the system comprising: 

a central protection server storing personal protection profile information, wherein said 
personal protection profile information stored information for a particular user as to which 
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personal profile data associated with said particular user is accessible by which particular 
application (column 5 lines 20-45 and column 6 lines 20-65); 

a requesting application providing an access request to certain personal profile data 
associated with a particular user, said user being identified by a first user identity (column 6 lines 
19-25); 

an information providing application storing said certain personal profile data associated 
with said user wherein said certain personal profile data are stored separately from said central 
protection server storing said personal protection profile information (figure 1 and column 6 
lines 20-65); 

wherein said central protection server receives said access request for said certain 
personal profile data from said requesting application and grants or rejects said request by 
evaluating the associated personal protection profile information for said particular user (column 
3 lines 30-67); and 

wherein said requesting application requests said certain personal profile data from said 
information providing application in response to said central protection server granting said 
access request (column 3 lines 30-67 and column 6 lines 40-67). 

10. In reference to claim 36, Barrett teaches the system according to claim 35, wherein there 
is one access means for each of said requesting application and said information providing 
application (column 6 lines 1-35). 

11. In reference to claim 37, Barrett teaches the system according to claim 35, wherein said 
central protection server provides a second user identity to the requesting application in response 
to said access request being granted, wherein said second user identity identifies the user within 
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said information providing application and wherein said requesting application requests said 
certain personal profile data from said information providing application using said second user 
identity (column 7 line 45 - column 8 line 35). 

12. In reference to claim 40, Barrett teaches the system according to claim 35, wherein the 
personal protection profile information are assigned one of a number of security levels, a lowest 
security level indicating that all personal profile data access is prevented for every application, 
and a highest security level indicating that all personal profile data is freely available (column 6 
lines 15-60). 

13. In reference to claims 41 and 59, Barrett teaches the system according to claims 36 and 
58, wherein an interface between said requesting application and said respective access means 
comprises an Application Programmable Interface based on a generic markup language (column 
6 lines 1-35). 

14. In reference to claim 43, Barrett teaches the system according to claim 41, wherein access 
to requested end-user personal profile data is granted or rejected by the central server in 
communication with the requesting application (Summary and column 6 lines 40-67). 

15. In reference to claims 44 and 64, Barrett teaches the system according to claims 35 and 
63, wherein access to said requested personal profile data is granted or rejected by the central 
server in communication with the information providing application (Summary and column 6 
lines 40-67). 

16. In reference to claims 45 and 65, Barrett teaches the system according to claims 35 and 
63, wherein access to said requested personal profile data is granted or rejected by the central 



Application/Control Number: 09/976,500 Page 6 

Art Unit: 2157 

server in communication with the requesting application and the information providing 
application (Summary and column 6 lines 40-67). 

17. In reference to claim 47, Barrett teaches the system according to claim 36, wherein user 
identity translating means are provided in the access means of the requesting application (column 
7 line 45 - column 8 line 35), 

1 8. In reference to claims 53 and 67, Barrett teaches the system according to claims 36 and 
66, wherein the access means of the information requesting or providing application includes 
means for encrypting the user identity (column 7 line 34 - column 8 line 30). 

19. In reference to claim 57, Barrett teaches the system according to claim 35, wherein at 
least some of the applications include respective cache memory for temporarily holding 
information about access requests, and a previously used session can be reused at least for a 
given time period (column 7 lines 1-35). 



Claim Rejections - 35 USC §103 

20. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

21. Claims 42,48-51 and 60 rejected under 35 U.S.C. 103(a) as being unpatentable over 
unpatentable over Barrett (US Patent No 6,581,059) in view of Weschler (US Patent No 



6,757,720). 
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22. In reference to claims 42 and 60, Barrett teaches the system according to claims 41 and 
59, including HTML (column 8 lines 34-40). Barrett fails to explicitly teach wherein the generic 
markup language is XML. However, Weschler does teach managing profile data via a profile 
service engine (Abstract and column 4 lines 45-67). Weschler discloses using a markup 
language such as XML for the usefulness of it dynamic formatting capabilities (column 8 lines 
20-40 and column 9 lines 50-67). 

It would have been obvious for one of ordinary skill in the art to modify Barrett by 
making the markup language as XML as per the teachings of Weschler for the usefulness of it 
dynamic formatting capabilities. 

23. In reference to claim 48, Barrett teaches the system according to claim 35. Barrett fails to 
explicitly teach wherein a general Document Type Definition (DTD) is defined to allow flow of 
personal data between said requesting application and said information providing application. 
However, Weschler teaches managing profile data via a profile service engine (Abstract and 
column 4 lines 45-67), Weschler discloses DTD's for authenticating request messages (column 

9 lines 50-67 and column 16 lines 18-65). 

It would have been obvious for one of ordinary skill in the art to modify Barrett by giving 
DTD's for data flow as per the teachings of Weschler since it is a structure of markup languages 
for providing authentication. 

24. In reference to claim 49, Barrett teaches the system according to claim 48. Barrett fails to 
explicitly teach wherein for each user a specific user DTD agreement is given (Weschler , ' 
column 9 lines 50-67 and column 16 lines 18-65, see above rationale). 
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25. In reference to claim 50, Barrett teaches the system according to claim 36. Barrett fails to 
explicitly teach wherein said access request for said personal profile data is transported from the 
requesting application to its access means using Remote Method Invocation (RMI) (Weschler , 
column 8 lines 25-67, see above rationale). 

26. In reference to claim 51, Barrett teaches the system according to claim 50. Barrett fails to 
explicitly teach wherein the request is transported as an XML transport object tagged with 
information about the requested end-user personal profile data (Weschler , column 8 lines 20-40 
and column 9 lines 50-67, see above rationale). 

27. Claim 52 rejected under 35 U.S.C. 103(a) as being unpatentable over unpatentable 
over Barrett (US Patent No 6,581,059) in view of Hoyle (US Patent No 6,771,290). 

Barrett teaches the system according to claim 36, using HTTP and other protocols 
including secure protocols (column 5 and column 9 lines 15-35). Barrett fails to explicitly teach 
wherein an HTTPS protocol is used for communication between the access means of the 
requesting or information holding application and the central protection server. However, 
"Official Notice" is taken wherein HTTPS is a well-known security protocol for communication 
over HTTP, as is taught by Hoyle (column 12 lines 5-15). 

It would have been obvious for one of ordinary skill in the art to modify Barrett by 
making the HTTP communication into HTTPS protocol as per the teachings of Hoyle for the 
purpose of secure communication over HTTP. 
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28. Claims 54-56,61,66 rejected under 35 U.S.C. 103(a) as being unpatentable over 
unpatentable over Barrett (US Patent No 6,581,059) in view of Hind et al (US Patent No 
6,826,690). 

29. In reference to claims 54,62 and 68, Barrett teaches the system according to claims 36,61 
and 66. Barrett fails to explicitly teach wherein the request is digitally signed with at least one of 
a private key of the access means of the requesting application and a private key of the access 
means of the information providing application. However, Hind teaches generating a digital 
signature for a request using a servers private key for secure communication purposes (Summary 
and column 13 lines 30-60). 

It would have been obvious for one of ordinary skill in the art to modify Barrett wherein 
the request is digitally signed with at least one of a private key of the access means of the 
requesting application and a private key of the access means of the information providing 
application as per the teachings of Hind for the purpose of secure participation of entities in 
communication. 

30. In reference to claim 55, Barrett teaches the system according to claim 54, wherein the 
request is digitally signed with a private key of the central protection server, and a digital 
signature of the access means are verified in the central protection server (Hind, Summary and 
column 13 lines 30-60, see above rationale). 

31. In reference to claim 56, Barrett teaches the system according to claim 55, wherein the 
central server means comprises means for encrypting at least the second user identity used by the 
information providing application (Hind. Summary and column 13 lines 30-60, see above 
rationale). 
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Conclusion 

32. Applicant is advised that the above specified citations of the relied upon prior art are only 
representative of the teachings of the prior art, and that any other supportive sections within the 
entirety of the reference (including any figures, incorporation by references, priority documents 
and claims) is implied as being applied to teach the scope of the claims. 

33. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ramy M. Osman whose telephone number is (571) 272-4008. 
The examiner can normally be reached on M-F 9-5. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001 . The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



RMO 

December 22, 2006 
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